for this series: It may be a pain in the neck, but it's a necessary response to the threats of the information age.

"When I got here in 2000, my goal from the beginning was comprehensive security," said Rickabaugh, CISO for Premier Inc., a San Diego-based alliance of non-profit hospitals and healthcare systems across the United States. "Before HIPAA's privacy and security rules came along, we had been demanding these standards."

Getting there is hard. With a growing mobile workforce armed with laptops and ever-advancing, ever-more-integrated technology, it's going to get harder, he said. It's especially challenging for an organization like Premier, which helps members find ways to improve their quality of care and do it in a more cost-effective way.

"We are the stewards of customer data. We have a responsibility to them so they can protect those who matter the most -- their patients." -- Fred Rickabaugh, CISO, Premier, Inc.

"One of the big challenges is making sure IT staff is on top of who is using the network, who has what access and getting people to fall in line with the rules of usage," Rickabaugh said. "But it gets better with time. People see the value in the long run. Encryption for laptops is an example: If the data is encrypted and the laptop is lost, the integrity of the information is still there."

In the end, his point is the same as others interviewed. "We are the stewards of customer data," he said. "We have a responsibility to them so they can protect those who matter the most -- their patients."

Harry Reynolds, vice president of HIPAA and information compliance officer for BCBS of North Carolina, said the key to meeting the HIPAA challenge is understanding the threats that come with doing business online.

"With personal information so critical, with healthcare information so important and with threats like identity theft, organizations can't afford to ignore security," he said. "HIPAA offers a structure to help protect people's rights and information. There are different obstacles and the solutions are imprecise across the board. But despite the shakeout period ahead, it's all for the good."

And whether the organization is a small office, a large insurance company or a nonprofit hospital chain, it's important to remember HIPAA doesn't demand a one-size-fits-all approach.

Related stories in the series

HIPAA tools you can use: HIPAA's security requirements affect companies that store and transmit protected health information electronically. This includes healthcare providers, insurers and clearinghouses, and enterprises that serve clients in the healthcare industry.

HIPAA security rules broken down: The HIPAA security requirements have been described by the Department of Health and Human Services, ArticSoft, HIPAAacademy.net and the Centers for Medicare & Medicaid Services (CMS).

"I try to tell the average practice that there's a lot of flexibility in the security aspect of HIPAA," said Jennifer Daniels, a lawyer specializing in health issues for Blank Rome, a firm with offices up and down the East Coast. "They need to understand that the requirement is for them to meet the requirements to the best of their ability, based on their size and budget."

Another point organizations must remember is that as technology advances and new threats emerge, existing laws may change and new laws will likely appear, said Lisa Gallagher, a consultant with Maryland-based Javelin Technology Group.

"This doesn't end with the April deadline," she said. "There will probably be some tweaking to HIPAA and we might see new regulations. Ultimately, in the information age you need to make security and compliance a part of the daily business practice."
